{ "schema_version": "1.7.0", "id": "MGASA-2013-0188", "published": "2013-06-26T18:44:41Z", "modified": "2013-06-26T18:44:34Z", "summary": "Updated curl packages fix CVE-2013-2174", "details": "libcurl is vulnerable to a case of bad checking of the input data which may\nlead to heap corruption. The function curl_easy_unescape() decodes URL encoded\nstrings to raw binary data. URL encoded octets are represented with %HH\ncombinations where HH is a two-digit hexadecimal number. The decoded string is\nwritten to an allocated memory area that the function returns to the caller\n(CVE-2013-2174)\n", "upstream": [ "CVE-2013-2174" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2013-0188.html" }, { "type": "WEB", "url": "http://curl.haxx.se/docs/adv_20130622.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=10595" } ], "affected": [ { "package": { "ecosystem": "Mageia:2", "name": "curl", "purl": "pkg:rpm/mageia/curl?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "7.24.0-1.2.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "curl", "purl": "pkg:rpm/mageia/curl?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "7.28.1-6.1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }